Tag
CVE-2026-41101: Microsoft Office Word Improper Access Control Vulnerability Leading to Local Spoofing
2 rules 1 TTP 1 CVECVE-2026-41101 is a vulnerability in Microsoft Office Word due to improper access control, which allows an authorized attacker to perform spoofing locally, with a CVSS v3.1 base score of 7.1.
CVE-2026-40420 - Microsoft Office Click-To-Run Improper Access Control Vulnerability
2 rules 1 TTP 1 CVECVE-2026-40420 is an improper access control vulnerability in Microsoft Office Click-To-Run allowing an authorized attacker to elevate privileges locally.
Microsoft Word Use-After-Free Vulnerability CVE-2026-23657
2 rules 1 TTP 1 CVECVE-2026-23657 is a use-after-free vulnerability in Microsoft Office Word allowing a local attacker to execute arbitrary code with user privileges.
Suspicious WMI Image Load from MS Office
2 rules 1 TTPAdversaries may exploit Windows Management Instrumentation (WMI) to execute code stealthily, bypassing traditional security measures by loading `wmiutils.dll` from Microsoft Office applications, potentially indicating malicious execution.
Persistence via Visual Studio Tools for Office (VSTO) Add-ins
2 rules 1 TTPThe Visual Studio Tools for Office (VSTO) add-ins can be abused by attackers to establish persistence in Microsoft Office applications by modifying registry keys.
MS Office Macro Security Registry Modifications
2 rules 2 TTPsAttackers may modify Microsoft Office registry settings related to macro security (AccessVBOM, VbaWarnings) to disable security warnings, enabling malicious macros for persistence and further compromise.